Hi all. I am trying to find a free solution for analyzing our network's access to the internet. I need some monitoring software that can tell me which users on the domain are spiking our internet bandwidth. Any suggestions?

Lots of tools out there to do what you want. Depends on how your network is configured, what equipment you have and exactly what data you want and when you want it, and how much effort you want to put into it.

If you have managed equipment with SNMP you can run MRTG, PRTG, CACTI, and multiple other servers that will collect data from your SNMP devices and report on the information. Make sure you get the MIBs from the manufacturer so your SNMP software knows what it's looking at. An SNMP solution, if you have the equipment, can provide you with network usage on individual ports of a switch, for instance. If you know where the port goes then you know what or who is eating bandwidth.

If you don't have SNMP or would like to see what you have based on say DNS or IP address you have some other options.

A proxy, for instance, is one. Untangle works pretty well for this, but you can just use squid on any old Linux machine; just place it in bridged mode to act as a transparent proxy, or use something like AD to set user proxy settings pointing to the proxy machine. This will log all access by your users and where they are visiting, etc.

Without a proxy you have the option of placing a machine in a transparent bridge position, using port mirroring, a hub, or a tap to run a machine NIC in promiscuous mode and then using software like bandwidthD or ntop to graph data usage based on machine. Or use software like iftop to view near real-time usage of your network and see what's going on. You could also use Wireshark to actually capture payloads and see what's in the data.

I have recently posted HOW-TOs on iftop and bandwidthD with some screen captures if you want to get familiar with them.

A lot depends on the device you are using to manage outbound/inbound Internet access. I run all my workstations through a squid proxy server for content filtering and it logs all access so you can easily determine where users have been, how long they have been there, and what web pages they have visited.
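As an added example (not code from any poster in this thread), here is one way to turn a squid access log into a per-user bandwidth ranking. It assumes squid's default native `access.log` layout, that the user field is only filled in when proxy authentication is enabled (otherwise the client IP is used), and the sample lines and function names are constructed for illustration.

```python
from collections import Counter

# Constructed sample lines in squid's default native access.log layout:
# time elapsed client result/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1700000000.123    250 10.0.0.21 TCP_MISS/200 52428800 GET http://example.com/big.iso alice HIER_DIRECT/203.0.113.5 application/octet-stream
1700000001.456     12 10.0.0.22 TCP_HIT/200 2048 GET http://example.com/logo.png bob HIER_NONE/- image/png
1700000002.789   9000 10.0.0.21 TCP_TUNNEL/200 10485760 CONNECT video.example.net:443 alice HIER_DIRECT/203.0.113.9 -
1700000003.000     80 10.0.0.30 TCP_MISS/200 4096 GET http://example.org/ - HIER_DIRECT/203.0.113.7 text/html
1700000004.000     40 10.0.0.22 TCP_DENIED/403 1500 GET http://blocked.example/ bob HIER_NONE/- text/html
truncated line without enough fields
"""


def usage_by_user(lines):
    """Sum bytes delivered to each user; return (totals, skipped_line_count)."""
    totals = Counter()
    skipped = 0
    for line in lines:
        fields = line.split()
        # A native log line has 10 fields; field 5 is the reply size in bytes.
        if len(fields) < 10 or not fields[4].isdigit():
            skipped += 1  # rotated, truncated or custom-format line
            continue
        client, size, user = fields[2], int(fields[4]), fields[7]
        # "-" means no authenticated user was logged: attribute to the client IP.
        key = user if user != "-" else client
        totals[key] += size  # includes error pages sent for denied requests
    return totals, skipped


def top_talkers(lines, n=10):
    """Return the n heaviest users as (name_or_ip, bytes), largest first."""
    totals, _ = usage_by_user(lines)
    return totals.most_common(n)


if __name__ == "__main__":
    for who, size in top_talkers(SAMPLE_LOG.splitlines()):
        print(f"{who:<15} {size / 1_048_576:10.2f} MiB")
```

To run it against a real log, pass the open file object instead of `SAMPLE_LOG.splitlines()`; a non-zero skipped count usually means a custom `logformat` is in use and the field positions need adjusting.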
